Reading time: 3 minutes

Cloud computing is becoming the primary platform for web applications and the online distribution of increasingly complex and sensitive data. For many companies, cloud computing contracts inadequately address privacy and security risks. It is imperative that if your business is entering into a contract with a cloud computing vendor, the contract clearly sets out liability clauses and mitigates unique risks that arise from this form of technology.

IT contracts for cloud services differ substantially from traditional contracting models. From a technical perspective, IT infrastructure capacity is highly elastic. Elasticity means cloud server capacity can be dynamically reconfigured to adjust to a variable load depending on how many users are accessing data. Accordingly, there is an elimination of an up-front commitment by clients as they often pay only for what they use, compared to traditional IT hosting. These characteristics highlight not only the illusion of infinite resources but also how the location of data processing is not always known, predetermined or agreed to contractually.

Dude, Where’s My Data?

The physical location of data, coupled with its virtual state in the cloud, raises several issues regarding the validity of cross-border contracts and data security. Unlike traditional IT contracts whereby the law governing the Service Level Agreement and the choice of court in dispute resolution is clear, cloud computing raises new challenges. Given the potential movement of data across multiple jurisdictions, and the consequential inconsistency of confidentiality protection in differing jurisdictions, a client may find that their data may not be entitled to the same protection as contractually obliged. It is imperative that each cloud computing contract is drafted specifically for the vendor and the client.  Vendors should offer comprehensive and unambiguous jurisdiction clauses, including a list of the regulations and statutes that govern the site where data is stored and how compliance is executed.  

As the processing of data in the cloud can take place across different servers in different countries, or in a shared-tenancy cloud-computing environment, privacy concerns are paramount. The Privacy Act 1988 (Cth),  USA PATRIOT Act and European Union Data Privacy Directive all vary in coverage and effect of data protection and privacy. For Australian cloud computing vendors, consideration of the Australian Privacy Principles (APPs) is also a requirement.

What Should I Look For In A Cloud Computing Contract?

If you are a client using cloud computing technology, you can minimise the risk of security breaches by conducting your due diligence procedures such as knowing where your data is stored, and ensuring protocols are implemented to monitor continuously vendors and how data is handled.

Most shrink-wrap and click-wrap agreements only allow clients to view the terms and conditions of the contract after purchase. As these contracts may involve limited liability clauses or vendor subcontracting agreements, clients are not often given an opportunity to negotiate their terms and to scrutinise the terms of their licenses closely. If you are considering entering a cloud computing contract, you should use your power to negotiate how your software is installed to comply with your requirements,  and how data is stored and processed.

Key Takeaways

The innovation of cloud computing presents unique complexities and legal implications. Cloud computing clients should carefully scrutinise their contract before signing to ensure they understand the location and method of data storage. Our IT lawyers can assist with drafting or reviewing cloud computing contracts.

Questions? Get in touch on 1300 544 755.

Webinars

Construction Contract Essentials

Thursday 12 August | 11:00 - 11:45am

Online
Understand how construction contracts are drafted and how to protect your construction business.
Register Now

Startup 101: Understanding Cap Tables and ESOPs

Thursday 19 August | 11:00 - 11:45am

Online
Cap tables and employee share option plans are essential for fast-growing startups. Learn more with this free webinar.
Register Now

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • 2020 Excellence in Technology & Innovation – Finalist – Australasian Law Awards 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice – Winner – Australasian Lawyer 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year - Australasian Law Awards 2021 Law Firm of the Year - Australasian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer 2019 Most Innovative Firm - Australasian Lawyer